# Project memory

- Repo: `netupgrade`
- Language: Bash
- Entry point: `bin/netupgrade`
- Purpose: interactive SSH-based maintenance/upgrade CLI

## Rules
- Keep it lightweight and shell-based
- Preserve backward compatibility when possible
- Treat config files as trusted shell input
- Be careful with SSH quoting and remote command construction
- Prefer small, reviewable changes
- Keep docs aligned with runtime behavior
- Avoid introducing `set -euo pipefail` without validating failure semantics

## Current behavior
- Loads configs from `~/.config/netupgrade/*.cfg`
- Uses `NODES` entries: `host;display-name;action1;action2;...`
- Runs selected actions sequentially over SSH
- Defaults to `root@host`, or `SSH_USER@host`
- Logs to `~/netupgrade.log`
- Opens the log with `$EDITOR`, then `nano`, `vi`, or `less`

## Sensitive areas
- SSH quoting
- `cmd:<...>` execution
- `docker-stacks:<...>` handling
- package-manager cleanup behavior
- error propagation